When the Google Project Zero team announced that it had found a number of security flaws in iOS that could have allowed attackers to compromise devices for years, everyone took notice. But since then, as people have dug into the situation, it became clear that Project Zero’s announcement blog post wasn’t as thorough as it should have been. The websites that were used as the attack vector were not mentioned, and it turns out neither was the fact that Android and Windows were also affected. Now, Apple has weighed in. And it isn’t happy.
In a Newsroom post today, Apple accused Google of “creating the false impression of mass exploitation,” even though that wasn’t the case at all. In fact, the attack was targeting a specific community rather than a wider target.
First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.
Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case.
Apple plugged the security hole in iOS 12.1.4 back in February 2019. Google claimed that it notified Apple of the problem, although Apple says that it was already working on a fix. Apple also took umbrage with Google’s claim that the website attacks had been around for two years. Instead, Apple claims, the attacks were only operational for “a brief period.”
Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.
Questions have already been asked about Google’s motives in announcing a security flaw months after it was fixed. The fact that there was no mention of Android, a Google mobile operating system, was also affected but not mentioned just adds fuel to the fire.
Apple, for its part, also took the opportunity to remind readers that its combination of hardware and software enables it to offer stronger security, unlike, say, Google.
The gloves are definitely off.
You may also like to check out:
- Download iOS 13.1 Beta 2 IPSW Link And OTA Update For iPhone, iPadOS 13.1 Beta 2 For iPad
- How To Jailbreak iOS 12.4 On iPhone X, XS Max, XR, iPad Pro And More Using Unc0ver
- Downgrade iOS 12.4.1 To 12.4 For Jailbreak While Apple Is Still Signing The Firmware
- How To Jailbreak iOS 12.4 Using Unc0ver 3.5.x [Tutorial]
- Download: iOS 12.4.1 IPSW Links, OTA Update For iPhone And iPad Released
- Best Galaxy Note 10 / 10+ Plus Case List: Here Are The Must-Haves For Protection
- Best Galaxy Note 10 / 10+ Plus Screen Protector? Here Are Our Picks [List]
- Jailbreak iOS 12.4.1 By Downgrading And Jailbreaking iOS 12.4, Here’s How
- Download iOS 13 Beta 1 IPSW Links & Install On iPhone XS Max, X, XR, 8, 7, Plus, 6s, iPad, iPod [Tutorial]